Password Management

For single sign on implementations, or any application that authenticates users against the Ascendance database, it is important to understand and provide logic to process errors or warnings that may be returned by the login/authentication process, and, if your application provides the capability for users to change passwords, to keep the Ascendance database in sync with any user password changes.

Handling Password Errors and Warnings

The Ascendance applications have some basic requirements for the composition of user passwords, but in addition, schools can optionally set their own more stringent requirements for password strength, set forced expiration intervals, and implement automatic account locking after a certain number of failed login attempts. Each of these types of controls can be implemented for all users, or just for specific types of users, and schools can set up custom text to describe their password rules to users.

Therefore, the results of a login or user authentication process (returned as a ResultLogin data object) can include one or more errors or warnings and associated messages that should be displayed to the user. See ResultLoginErrors for a list of all possible errors and warnings and what should be done next in each case.

Note
Schools may instead choose to use LDAP authentication for some or all users. The password strength and forced expiration features do NOT apply to LDAP authenticated users, however, user accounts could still be manually locked for these users.

Password Changes

Note
Password changes do NOT apply to LDAP authenticated users.

If an error or warning requires or allows a user to change his or her password, you may provide your own functionality for password changes, or you can link the user directly to the My BackPack Change Password function.

If you provide your own password change feature, you may want to use the getErrorMessageText method in UserManagementService to obtain the custom text (if any) defined by the school to describe the password requirements to the user, and you will need to use the updatePasswordExt or updateUserPasswordExt method to make the corresponding update to the Ascendance database. These two methods also return a ResultLogin data object, and all of the information above related to handling errors and warnings will apply.

If a user forgot his/her password and needs to reset it in order to log in, you may provide the user with a link to the password reset page using the request parameter resetPassword=true.

https://mybackpack.senior-systems.com/SeniorApps/facelets/registration/loginCenter.xhtml?resetPassword=true

Note
Accounts that are locked as a result of too many invalid passwords will not have an email sent to the school administrator. Passwords cannot be changed for locked accounts.